Date: Mon, 06 Feb 2012 18:05:53 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: Hash DoS vulnerability (ocert-2011-003)
So going through various things looks like Ocaml is vulnerable and has
not had a CVE # assigned for this issue yet.
Discussion of the issue takes place on the mailing list, here is a link
for the originating thread:
http://www.mail-archive.com/caml-list@...ia.fr/msg01477.html
There doesn't appear to be a fix yet.
--
Kurt Seifried Red Hat Security Response Team (SRT)